Export limit exceeded: 15953 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12585 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12585 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12585 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56334 1 Cap-go 1 Cap-go 2026-07-01 4.3 Medium
Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving build_requests rows stuck in pending state with null last_error values.
CVE-2026-12579 2026-07-01 7.4 High
AS228T with Authentication Bypass Vulnerability
CVE-2026-11387 2026-07-01 9.8 Critical
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updating their details like reset the password of any user account, including administrators, and gain full access to those accounts. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. This is only vulnerable on sites with OTP verification for password resets enabled, and where the administrator (or other user) has set a phone number for OTP verification.
CVE-2026-56290 1 Joomlack 1 Page Builder Ck Extension For Joomla 2026-07-01 N/A
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVE-2026-49049 1 Joomshaper 1 Helix3 Extension For Joomla 2026-07-01 7.5 High
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
CVE-2026-9576 2 Fluent Booking, Wordpress 2 Fluent Booking, Wordpress 2026-07-01 4.9 Medium
The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.
CVE-2026-4360 1 Python 1 Cpython 2026-07-01 N/A
In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function.
CVE-2026-11581 2 Wordpress, Wpchill 2 Wordpress, Kali Forms — Contact Form & Drag-and-drop Builder 2026-07-01 5.9 Medium
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes in an administrator's session. A missing capability check in the Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13's post-duplication action additionally lets the Contributor publish the malicious form so an administrator renders it.
CVE-2026-6556 1 Fastify 1 Fastify-express 2026-07-01 9.1 Critical
@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths (arrays of paths and regular expressions) are left unprefixed inside prefixed plugin scopes, so middleware registered with those forms does not match the actual prefixed request path. Applications that use path-scoped middleware for authentication, authorization, rate limiting, or auditing on routes inside a prefixed scope can be bypassed by sending a request to the prefixed route, because Fastify still matches the route but the middleware is skipped. Patches: upgrade to @fastify/express 4.0.7. Workarounds: use string mount paths instead of arrays or regular expressions in prefixed plugins, or register one use call per path.
CVE-2026-13914 1 Google 1 Chrome 2026-07-01 5.5 Medium
Inappropriate implementation in Passwords in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)
CVE-2026-13933 1 Google 1 Chrome 2026-07-01 5.3 Medium
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-43713 1 Apple 3 Ios And Ipados, Macos, Safari 2026-06-30 6.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a website may leak sensitive data.
CVE-2026-43701 1 Apple 3 Ios And Ipados, Macos, Safari 2026-06-30 7.1 High
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.
CVE-2026-44947 1 Suse 1 Rancher 2026-06-30 N/A
A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.
CVE-2026-7663 1 Ibm 1 Langflow Oss 2026-06-30 9.1 Critical
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
CVE-2026-51221 1 Eipstackgroup 1 Opener 2026-06-30 7.5 High
A buffer overflow in the Get_Attribute_List function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service (DoS) via supplying a crafted Common Packet Format (CPF) packet.
CVE-2024-57049 1 Tp-link 2 Archer C20, Archer C20 Firmware 2026-06-30 9.8 Critical
DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2026-13490 1 Glpi-project 1 Glpi 2026-06-30 3.7 Low
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be executed remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure.
CVE-2026-13512 1 Databend 1 Databend 2026-06-30 6.3 Medium
A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_manager.rs of the component Tenant Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance.
CVE-2026-13524 1 Cherryhq 1 Cherry-studio 2026-06-30 5.6 Medium
A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The attack can be initiated remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.